github-actions[bot] 3d0135cb34
Create rule S6330 (#1301)
Fixed by https://github.com/SonarSource/SonarJS/issues/3434

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: pedro-oliveira-sonarsource <104737234+pedro-oliveira-sonarsource@users.noreply.github.com>
2022-10-20 16:02:01 +02:00


include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[`aws-cdk-lib.aws-sqs.Queue`]

[source,javascript]
----
import { Queue } from 'aws-cdk-lib/aws-sqs';
new Queue(this, 'example'); // Sensitive
----

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[`aws-cdk-lib.aws-sqs.CfnQueue`]

[source,javascript]
----
import { CfnQueue } from 'aws-cdk-lib/aws-sqs';
new CfnQueue(this, 'example'); // Sensitive
----

== Compliant Solution

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[`aws-cdk-lib.aws-sqs.Queue`]

[source,javascript]
----
import { Queue, QueueEncryption } from 'aws-cdk-lib/aws-sqs';

new Queue(this, 'example', {
    encryption: QueueEncryption.KMS_MANAGED
});
----

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[`aws-cdk-lib.aws-sqs.CfnQueue`]

[source,javascript]
----
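import { CfnQueue } from 'aws-cdk-lib/aws-sqs';
import { Key } from 'aws-cdk-lib/aws-kms';

// Construct ids must be unique within a scope, so the key gets its own id
const encryptionKey = new Key(this, 'exampleKey', {
    enableKeyRotation: true,
});

new CfnQueue(this, 'example', {
    kmsMasterKeyId: encryptionKey.keyId
});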
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message
For CfnQueue:

* Omitting "kmsMasterKeyId" disables SQS queues encryption. Make sure it is safe here.

For Queue:

* Omitting "encryption" disables SQS queues encryption. Make sure it is safe here.
* Setting "encryption" to "QueueEncryption.UNENCRYPTED" disables SQS queues encryption. Make sure it is safe here.

=== Highlighting

* Highlight the initializer function if it does not contain the third argument `props` or `props` is set to `undefined`.

For Queue:

* Highlight the `props` object if it does not contain the property `encryption`.
* Highlight the `encryption` attribute if it is set to `QueueEncryption.UNENCRYPTED`.

For CfnQueue:

* Highlight the `props` object if it does not contain the property `kmsMasterKeyId`.
* Highlight the `kmsMasterKeyId` attribute if it is set to `undefined`.

endif::env-github,rspecator-view[]
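
The Message and Highlighting rules above, written out as a decision function. This is an added illustration, not code from SonarJS or from the rule's implementation. The `call` descriptor (`callee`, `props`) and the function name `checkSqsEncryption` are hypothetical stand-ins for the AST of a constructor call, and the samples are constructed.

```javascript
// `call.props` models the third constructor argument: a plain object whose
// values hold the source text of each property value, or the JS value
// `undefined` where the analysed code passes `undefined`.
const MESSAGES = {
  cfnOmitted: 'Omitting "kmsMasterKeyId" disables SQS queues encryption. Make sure it is safe here.',
  queueOmitted: 'Omitting "encryption" disables SQS queues encryption. Make sure it is safe here.',
  queueUnencrypted: 'Setting "encryption" to "QueueEncryption.UNENCRYPTED" disables SQS queues encryption. Make sure it is safe here.',
};

function checkSqsEncryption(call) {
  const isCfn = call.callee === 'CfnQueue';
  if (!isCfn && call.callee !== 'Queue') return null; // not an SQS construct
  const key = isCfn ? 'kmsMasterKeyId' : 'encryption';
  const omitted = isCfn ? MESSAGES.cfnOmitted : MESSAGES.queueOmitted;

  // No third argument, or `props` is undefined: highlight the initializer.
  if (call.props === undefined) return { highlight: 'initializer', message: omitted };
  // `props` given but the property is absent: highlight the props object.
  if (!Object.prototype.hasOwnProperty.call(call.props, key)) {
    return { highlight: 'props', message: omitted };
  }
  const value = call.props[key];
  // Property present but disabling encryption: highlight the attribute itself.
  // Assumption: the single CfnQueue message listed above is reused here.
  if (isCfn && value === undefined) return { highlight: key, message: omitted };
  if (!isCfn && value === 'QueueEncryption.UNENCRYPTED') {
    return { highlight: key, message: MESSAGES.queueUnencrypted };
  }
  return null; // compliant
}

// Constructed samples mirroring the snippets on this page.
const samples = [
  { callee: 'Queue', props: undefined },
  { callee: 'Queue', props: { encryption: 'QueueEncryption.UNENCRYPTED' } },
  { callee: 'Queue', props: { encryption: 'QueueEncryption.KMS_MANAGED' } },
  { callee: 'CfnQueue', props: { queueName: "'q'" } },
  { callee: 'CfnQueue', props: { kmsMasterKeyId: undefined } },
  { callee: 'CfnQueue', props: { kmsMasterKeyId: 'encryptionKey.keyId' } },
];
for (const s of samples) {
  const issue = checkSqsEncryption(s);
  console.log(s.callee, '->', issue ? `highlight ${issue.highlight}` : 'compliant');
}
```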